SOLVED

Migrating from Legacy to Modern Authentication

%3CLINGO-SUB%20id%3D%22lingo-sub-1502634%22%20slang%3D%22en-US%22%3ERe%3A%20Migrating%20from%20Legacy%20to%20Modern%20Authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1502634%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F136856%22%20target%3D%22_blank%22%3E%40Anthony%20Green%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20look%20at%20you%20user%20sign%20ins%20over%20the%20last%2030%20days%20in%20the%20Azure%20portal%20you%20can%20filter%20by%20access%20using%20legacy%20auth%20clients.%3C%2FP%3E%3CP%3EIf%20you%20disable%20legacy%20auth%2C%20access%20won't%20be%20granted%20to%20anything%20using%20those%20clients%2C%20i.e%20native%20Android%20mail%20client%20to%20access%20Exchange%20Online%20will%20stop.%3C%2FP%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1503207%22%20slang%3D%22en-US%22%3ERe%3A%20Migrating%20from%20Legacy%20to%20Modern%20Authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1503207%22%20slang%3D%22en-US%22%3E1.%20has%20already%20been%20answered%20by%20Paul.%20AAD%20signin%20is%20the%20answer%2C%20you%20could%20create%20fancy%20workbooks%20-%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2Fnew-tools-to-block-legacy-authentication-in-your-organization%2Fba-p%2F1225302%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2Fnew-tools-to-block-legacy-authentication-in-your-organization%2Fba-p%2F1225302%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3E2.%20when%20you%20enable%20modern%20auth%2C%20there%20isn't%20anything%20that%20breaks.%20Users%20might%20get%20a%20different%20authentication%20prompt%20in%20Office%20apps%20though%3CBR%20%2F%3E%3CBR%20%2F%3E3.When%20you%20disable%20legacy%20auth%2C%20apps%20that%20don't%20support%20modern%20auth%20will%20stop%20working%20indeed%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1505988%22%20slang%3D%22en-US%22%3ERe%3A%20Migrating%20from%20Legacy%20to%20Modern%20Authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1505988%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F38406%22%20target%3D%22_blank%22%3E%40Paul%20Turner%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F186539%22%20target%3D%22_blank%22%3E%40Thijs%20Lecomte%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20will%20enable%20modern%20and%20slowly%20disable%20Legacy%20apps%20and%20test%20at%20each%20step.%3C%2FP%3E%3CP%3EThe%20main%20objective%20was%20to%20minimise%20user%20complaints%2C%20and%20alert%20them%20to%20any%20change%20in%20processes.%3C%2FP%3E%3CP%3EWe'll%20send%20them%20a%20general%20email%20to%20inform%20that%20they%20may%20possibly%20notice%20some%20changes%20in%20login%20prompts.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1502454%22%20slang%3D%22en-US%22%3EMigrating%20from%20Legacy%20to%20Modern%20Authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1502454%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3EI%20apologise%20if%20this%20doesn't%20question%20doesn't%20belong%20here%2C%20but%20this%20was%20where%20I%20was%20directed%20here%20by%20MS%20Support%20and%20the%20Office%20365%20forum.%3C%2FP%3E%3CP%3EWe%20are%20looking%20at%20disabling%20Legacy%20Authentication%20and%20enabling%20Modern%20Authentication%20in%20our%20tenant.%3C%2FP%3E%3CP%3EI'm%20assuming%20that%20this%20will%20apply%20to%20all%20Applications%20in%20Azure%20AD%2C%20including%20the%20Apps%20we've%20set%20up%20for%20SSO%20to%203rd%20party%20sites%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20I%20am%20trying%20to%20figure%20out%20is%3A%3C%2FP%3E%3CP%3E1.%20How%20do%20I%20get%20a%20list%20of%20which%20applications%20are%20currently%20using%20Legacy%20Authentication%20without%20having%20to%20open%20each%20App%20individually%20and%20checking%20the%20settings%3F%3C%2FP%3E%3CP%3E2.%20If%20I%20was%20to%20enable%20Modern%20Auth%20and%20disable%20Legacy%20Auth%20at%20the%20tenant%20level%2C%20what%20sort%20of%20experience%20will%20our%20users%20see%3F%20Will%20things%20stop%20working%2C%20will%20they%20see%20different%20login%20prompts%2C%20will%20there%20be%20additional%20prompts%3F%3C%2FP%3E%3CP%3E3.%20What%20will%20happen%20to%20Apps%20that%20do%20not%20support%20Modern%20Auth%3F%20I'm%20assuming%20these%20will%20just%20stop%20working%2C%20unless%20we%20allow%20Legacy%20Auth%20just%20for%20them%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20any%20assistance%20in%20these%20areas.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1502454%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
New Contributor

Hi all,

I apologise if this doesn't question doesn't belong here, but this was where I was directed here by MS Support and the Office 365 forum.

We are looking at disabling Legacy Authentication and enabling Modern Authentication in our tenant.

I'm assuming that this will apply to all Applications in Azure AD, including the Apps we've set up for SSO to 3rd party sites?

 

What I am trying to figure out is:

1. How do I get a list of which applications are currently using Legacy Authentication without having to open each App individually and checking the settings?

2. If I was to enable Modern Auth and disable Legacy Auth at the tenant level, what sort of experience will our users see? Will things stop working, will they see different login prompts, will there be additional prompts?

3. What will happen to Apps that do not support Modern Auth? I'm assuming these will just stop working, unless we allow Legacy Auth just for them?

 

Thanks for any assistance in these areas.

3 Replies

@Anthony Green 

If you look at you user sign ins over the last 30 days in the Azure portal you can filter by access using legacy auth clients.

If you disable legacy auth, access won't be granted to anything using those clients, i.e native Android mail client to access Exchange Online will stop.

 

 

best response confirmed by Anthony Green (New Contributor)
Solution
1. has already been answered by Paul. AAD signin is the answer, you could create fancy workbooks - https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-aut...

2. when you enable modern auth, there isn't anything that breaks. Users might get a different authentication prompt in Office apps though

3.When you disable legacy auth, apps that don't support modern auth will stop working indeed

Thanks @Paul Turner and @Thijs Lecomte 

 

We will enable modern and slowly disable Legacy apps and test at each step.

The main objective was to minimise user complaints, and alert them to any change in processes.

We'll send them a general email to inform that they may possibly notice some changes in login prompts.